E-mail and IM can put it in a competitor's hands in a heartbeat; it can walk out the door on a CD, USB stick, MP3 player or laptop hard drive. Regulations like HIPAA and SOX pile civil and criminal penalties on top of traditional business risks.

Much of this critical information is created in ubiquitous Microsoft Office apps--Word, Excel, Outlook, PowerPoint--which is, in itself, a strong case for considering Windows Rights Management Services (RMS) to identify and protect sensitive documents.

For example, a user could apply a rights policy to a Word document that allows members of the accounting department to modify the contents, and denies access to everyone else in the organization. Unlike traditional ACL entries used on all file servers, these permissions are embedded within the document, so that it's protected even if it's sent off site.

With the release of its first Service Pack, Microsoft has significantly improved RMS. It's now FIPS-compliant and supports two-factor authentication and non-Internet connected "air gap" networks. The management console GUI is improved, as is the software development kit for enabling RMS use with custom applications. We tested a variety of policies for both documents and e-mail, and the product performed flawlessly. We were able to share documents among multiple users with various levels of access, and strictly control whether e-mail could be forwarded to unauthorized users.

RMS does a nice job separating administrative and content rights. For example, if you're an attorney handling highly confidential client matters, you want system administrators to be able to maintain the various systems and data that the organization uses, but not have access to the actual content. This type of situation is very common in highly secure classified military environments.

RMS consists of a Web-based management server and an Microsoft SQL Server back end. Administrators use the management console to define and distribute rights management policies.

Setup and installation of the management console is fairly straightforward--basic services can be up and running in about 30 minutes. No client software is required for Windows 2000/XP.

MS Office 2003 offers the most seamless experience. Office 2000 users can access and manipulate documents using an Internet Explorer plug-in depending on policy, but the integration, look and feel aren't nearly as good.

Exec Summary

Rights-based protection

Two-factor authentication

Limited admin access

Predeployment planning

Limited app support

Although RMS is fairly easy to implement technically, the most significant barrier of deployment is organizational planning, especially if you want to share RMS-protected content with extranet partners. If this is the case, you'll have to carefully identify cross-organizational trust issues: Does each party maintain its own infrastructure, or does it share the other's resources? How does one party let the other know about employee change/add/delete requests?

If you're ready to invest the time upfront, RMS is a good solution to a big problem and will allow your organization to securely collaborate with extranet partners without worrying about whether or not sensitive materials will mysteriously find their way to the Internet.

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy